On Sun, 13 Mar 2005 21:59:03 +0100, LiT <ltkascha@op.pl> wrote:
>Dnia Sun, 13 Mar 2005 13:38:07 -0500, robert slawinski napisał(a):
>
>Wrzuc log z HighJackThis. Rozwiejesz mgłę niepewności związaną z
>robalami...
nie wiem czy mi sie podoba taki exhibicjonizm, ale prosze.
nawet wierzacym czasami potrzebny jest cud.
<?xml version = "1.0"?>
<Session START = "13 Mar 05 16:28:25" END = "13 Mar 05 16:28:25">
<Information Version = "4.10" DatabaseVersion = "67" DataBaseDate =
"08 March 2005"/>
<Information OS = "Win XP"/>
<Information ServicePack = "Service Pack 2"/>
<Information WorkingDirectory = "C:\Program Files\XoftSpy\"/>
<Information Option = "AdvSpyware Scan" State = "ON"/>
<Information Option = "Scan IE Favorites" State = "ON"/>
<Information Option = "Scan Host Files" State = "ON"/>
<Information Option = "Scan Drives" State = "ON"/>
<Information Option = "Do Not Scan Executables" State = "OFF"/>
<Information Option = "Scan Registry" State = "ON"/>
<Information Option = "Scan Active Processes" State = "ON"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath =
"Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "ctfmon.exe" Data =
"C:\WINDOWS\system32\ctfmon.exe"/>
<Information Value = "MSMSGS" Data = ""C:\Program
Files\Messenger\msmsgs.exe" /background"/>
<Information Value = "Quicknote" Data = "C:\Program
Files\Quicknote\Quicknote.exe"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath =
"Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "NoUpdateCheck" Data = "
"/>
<Information Value = "NoJITSetup" Data = "
"/>
<Information Value = "Disable Script Debugger" Data = "yes"/>
<Information Value = "Show_ChannelBand" Data = "No"/>
<Information Value = "Anchor Underline" Data = "yes"/>
<Information Value = "Cache_Update_Frequency" Data =
"Once_Per_Session"/>
<Information Value = "Display Inline Images" Data = "yes"/>
<Information Value = "Do404Search" Data = "
"/>
<Information Value = "Local Page" Data =
"C:\WINDOWS\system32\blank.htm"/>
<Information Value = "Save_Session_History_On_Exit" Data = "no"/>
<Information Value = "Show_FullURL" Data = "no"/>
<Information Value = "Show_StatusBar" Data = "yes"/>
<Information Value = "Show_ToolBar" Data = "yes"/>
<Information Value = "Show_URLinStatusBar" Data = "yes"/>
<Information Value = "Show_URLToolBar" Data = "yes"/>
<Information Value = "Start Page" Data =
"http://www.dell4me.com/myway"/>
<Information Value = "Use_DlgBox_Colors" Data = "yes"/>
<Information Value = "Search Page" Data =
"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information Value = "Default_Page_URL" Data =
"http://www.dell4me.com/myway"/>
<Information Value = "Search Bar" Data =
"http://bfc.myway.com/search/de_srchlft.html"/>
<Information Value = "Use Search Asst" Data = "no"/>
<Information Value = "Use Custom Search URL" Data = "
"/>
<Information Value = "FullScreen" Data = "no"/>
<Information Value = "Window_Placement" Data = ","/>
<Information Value = "NotifyDownloadComplete" Data = "yes"/>
<Information Value = "ShowedCheckBrowser" Data = "Yes"/>
<Information Value = "Check_Associations" Data = "No"/>
<Information Value = "Use_Combobox_DlgBox_Colors_Complete" Data =
"3"/>
<Information Value = "Use_Combobox_DlgBox_Colors_Failed" Data = "3"/>
<Information Value = "Use_Combobox_DlgBox_Colors_Error" Data = "1"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath =
"Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "Default_Page_URL" Data =
"http://www.dell4me.com/myway"/>
<Information Value = "Default_Search_URL" Data =
"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information Value = "Search Page" Data =
"http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"/>
<Information Value = "Enable_Disk_Cache" Data = "yes"/>
<Information Value = "Cache_Percent_of_Disk" Data = "
"/>
<Information Value = "Delete_Temp_Files_On_Exit" Data = "yes"/>
<Information Value = "Local Page" Data =
"%SystemRoot%\system32\blank.htm"/>
<Information Value = "Anchor_Visitation_Horizon" Data = "
"/>
<Information Value = "Use_Async_DNS" Data = "yes"/>
<Information Value = "Placeholder_Width" Data = "�"/>
<Information Value = "Placeholder_Height" Data = "�"/>
<Information Value = "Start Page" Data =
"http://www.dell4me.com/myway"/>
<Information Value = "CompanyName" Data = "Microsoft Corporation"/>
<Information Value = "Custom_Key" Data = "MICROSO"/>
<Information Value = "Wizard_Version" Data = "6.0.2600.0000"/>
<Information Value = "FullScreen" Data = "no"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath =
"Software\Microsoft\Internet Explorer\Search"/>
<Information Value = "SearchAssistant" Data =
"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"/>
<Information Value = "CustomizeSearch" Data =
"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath =
"Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "NvCplDaemon" Data = "RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup"/>
<Information Value = "SunJavaUpdateSched" Data = "C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe"/>
<Information Value = "IAAnotif" Data = "C:\Program Files\Intel\Intel
Application Accelerator\iaanotif.exe"/>
<Information Value = "CTSysVol" Data = "C:\Program
Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r"/>
<Information Value = "CTDVDDET" Data = ""C:\Program
Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE""/>
<Information Value = "CTHelper" Data = "CTHELPER.EXE"/>
<Information Value = "UpdReg" Data = "C:\WINDOWS\UpdReg.EXE"/>
<Information Value = "DVDLauncher" Data = ""C:\Program
Files\CyberLink\PowerDVD\DVDLauncher.exe""/>
<Information Value = "DMXLauncher" Data = "C:\Program Files\Dell\Media
Experience\DMXLauncher.exe"/>
<Information Value = "UpdateManager" Data = ""C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r"/>
<Information Value = "dla" Data =
"C:\WINDOWS\system32\dla\tfswctrl.exe"/>
<Information Value = "QuickTime Task" Data = ""C:\Program
Files\QuickTime\qttask.exe" -atboottime"/>
<Information Value = "DwlClient" Data = "C:\Program Files\Common
Files\Dell\EUSW\Support.exe"/>
<Information Value = "nod32kui" Data = ""C:\Program
Files\Eset\nod32kui.exe" /WAITSERVICE"/>
<Information Value = "PinnacleDriverCheck" Data =
"C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg"/>
<Information Value = "NeroFilterCheck" Data =
"C:\WINDOWS\system32\NeroCheck.exe"/>
<Information Value = "WinampAgent" Data = "C:\Program
Files\Winamp\winampa.exe"/>
<Information Value = "Logitech Utility" Data = "Logi_MwX.Exe"/>
<Information Value = "TkBellExe" Data = ""C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot"/>
<Information Value = "nwiz" Data = "nwiz.exe /install"/>
<Information Value = "NvMediaCenter" Data = "RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath =
"SYSTEM\ControlSet001\Services\Winsock2\Parameters\Protocol_Catalog9"/>
<Information Value = "Num_Catalog_Entries" Data = "�"/>
<Information Value = "Next_Catalog_Entry_ID" Data = ".�"/>
<Information Value = "Serial_Access_Num" Data = "�"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath =
"SYSTEM\ControlSet003\Services\Winsock2\Parameters\Protocol_Catalog9"/>
<Information Value = "Num_Catalog_Entries" Data = "�"/>
<Information Value = "Next_Catalog_Entry_ID" Data = ".�"/>
<Information Value = "Serial_Access_Num" Data = "�"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath =
"Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "AppInit_DLLs" Data = ""/>
<Information Value = "DeviceNotSelectedTimeout" Data = "15"/>
<Information Value = "GDIProcessHandleQuota" Data = "�'"/>
<Information Value = "Spooler" Data = "yes"/>
<Information Value = "swapdisk" Data = ""/>
<Information Value = "TransmissionRetryTimeout" Data = "90"/>
<Information Value = "USERProcessHandleQuota" Data = "�'"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath =
"Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "DebugOptions" Data = "2048"/>
<Information Value = "Documents" Data = ""/>
<Information Value = "DosPrint" Data = "no"/>
<Information Value = "load" Data = ""/>
<Information Value = "NetMessage" Data = "no"/>
<Information Value = "NullPort" Data = "None"/>
<Information Value = "Programs" Data = "com exe bat pif cmd"/>
<Information Value = "Device" Data = "Fax,winspool,Ne00:"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath =
"Software\Microsoft\Internet Explorer\URLSearchHooks"/>
<Information Value = "{4D25F926-B9FE-4682-BF72-8AB8210D6D75}" Data =
""/>
<Information Value = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" Data =
""/>
<Scanning TIME = "13 Mar 05 16:28:25">
<PROCESS NAME = "-" MD5 = "(null)"/>
<PROCESS NAME = "\SystemRoot\System32\smss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\csrss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\winlogon.exe" MD5 =
"(null)"/>
<PROCESS NAME = "C:\WINDOWS\system32\services.exe" MD5 =
"c6ce6eec82f187615d1002bb3bb50ed4"/>
<PROCESS NAME = "C:\WINDOWS\system32\lsass.exe" MD5 =
"84885f9b82f4d55c6146ebf6065d75d2"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 =
"8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 =
"8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 =
"8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 =
"8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 =
"8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\spoolsv.exe" MD5 =
"7435b108b935e42ea92ca94f59c8e717"/>
<PROCESS NAME = "C:\WINDOWS\system32\CTsvcCDA.EXE" MD5 =
"3c8b6609712f4ff78e521f6dcfc4032b"/>
<PROCESS NAME = "C:\Program Files\Intel\Intel Application
Accelerator\iaantmon.exe" MD5 = "3277cf101ae78c38b00702d688e37d44"/>
<PROCESS NAME = "C:\Program Files\Eset\nod32krn.exe" MD5 =
"34530c6b9e779918f6b18774ca5c778f"/>
<PROCESS NAME = "C:\WINDOWS\system32\nvsvc32.exe" MD5 =
"43b0a0774ea90bf699d267c45d2702f9"/>
<PROCESS NAME =
"C:\Softimage\SOFT3D_4.0\mental_ray\bin\ray2Soft3D400server.exe" MD5 =
"19329b951f40b3b627fab75f3043f256"/>
<PROCESS NAME = "C:\WINDOWS\system32\Tablet.exe" MD5 =
"3cc41359ddd8423aacc1bbc9d38e8ba2"/>
<PROCESS NAME = "C:\Program Files\Common Files\Ulead
Systems\DVD\ULCDRSvr.exe" MD5 = "ca90d2c55eb3bb90687677bea3db0b59"/>
<PROCESS NAME = "C:\WINDOWS\system32\wdfmgr.exe" MD5 =
"c81b8635dee0d3ef5f64b3dd643023a5"/>
<PROCESS NAME = "C:\WINDOWS\Explorer.EXE" MD5 =
"a0732187050030ae399b241436565e64"/>
<PROCESS NAME = "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
MD5 = "b3f49526347a82f8939881804c56aa94"/>
<PROCESS NAME = "C:\Program Files\Intel\Intel Application
Accelerator\iaanotif.exe" MD5 = "84ce197c2869be8965644396841fdd19"/>
<PROCESS NAME = "C:\Program Files\Creative\SBAudigy2ZS\Surround
Mixer\CTSysVol.exe" MD5 = "e7d1d8179fe03e2bc569a92b56509414"/>
<PROCESS NAME = "C:\Program
Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" MD5 =
"db20fce248d269e1c396e70a91e587c8"/>
<PROCESS NAME = "C:\WINDOWS\system32\CTHELPER.EXE" MD5 =
"347293c8d9cf7474206541f93c6d8616"/>
<PROCESS NAME = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MD5 = "7e5fc860ecbd3fe4d0bf7e1814a37b56"/>
<PROCESS NAME = "C:\Program Files\Dell\Media
Experience\DMXLauncher.exe" MD5 = "2a0744d8d682b71f0cd6780a7ba4f816"/>
<PROCESS NAME = "C:\WINDOWS\system32\dla\tfswctrl.exe" MD5 =
"790490f273b0e3bcf05dc3c308abcc0b"/>
<PROCESS NAME = "C:\Program Files\Eset\nod32kui.exe" MD5 =
"c7ff34097345f7aa5e7ece8633e7de1e"/>
<PROCESS NAME = "C:\Program Files\Winamp\winampa.exe" MD5 =
"11aa6662a1be30375afd1a8407811e7e"/>
<PROCESS NAME = "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" MD5 =
"d09a5f5c4dbd5d4dff09ab1a69812062"/>
<PROCESS NAME = "C:\WINDOWS\system32\RUNDLL32.EXE" MD5 =
"da285490bbd8a1d0ce6623577d5ba1ff"/>
<PROCESS NAME = "C:\WINDOWS\System32\alg.exe" MD5 =
"f1958fbf86d5c004cf19a5951a9514b7"/>
<PROCESS NAME = "C:\Program
Files\Dell\Support\Alert\bin\NotifyAlert.exe" MD5 =
"68d63d92d73146ef9a5efd5e7f25611e"/>
<PROCESS NAME = "C:\WINDOWS\system32\ctfmon.exe" MD5 =
"24232996a38c0b0cf151c2140ae29fc8"/>
<PROCESS NAME = "C:\Program
Files\Logitech\MouseWare\system\em_exec.exe" MD5 =
"7d325ec9b9b1589df12d0874700bc59e"/>
<PROCESS NAME = "C:\Program Files\Quicknote\Quicknote.exe" MD5 =
"6dd781edf1d1db6288fce1cfaab111d5"/>
<PROCESS NAME = "C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe" MD5 =
"4c9696c02f1b5f1bc2bab99115bb18dd"/>
<PROCESS NAME = "C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe" MD5 =
"e8f732bf056615382d0393c899d5ed0c"/>
<PROCESS NAME = "C:\Program Files\Palm\HOTSYNC.EXE" MD5 =
"7fb566c5816d8959c9f3ab918c00cd1f"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 =
"8f078ae4ed187aaabc0a305146de6716"/>
<PROCESS NAME = "C:\WINDOWS\system32\wscntfy.exe" MD5 =
"49911dd39e023bb6c45e4e436cfbd297"/>
<PROCESS NAME = "C:\WINDOWS\system32\cmd.exe" MD5 =
"eeb024f2c81f0d55936fb825d21a91d6"/>
<PROCESS NAME = "C:\Program Files\Gaim\gaim.exe" MD5 =
"687c7a3b763830989f862efee2173afb"/>
<PROCESS NAME = "C:\WINDOWS\system32\CHKDSK.EXE" MD5 =
"5f7eaaf5d10e2a715d5e305ac992b2a7"/>
<PROCESS NAME = "C:\Program Files\Agent_onet\agent.exe" MD5 =
"9dc77e8e41e4a8341902481b0d840aac"/>
<PROCESS NAME = "C:\Program Files\Advanced MP3 Catalog Pro\AMC3.exe"
MD5 = "c59b147b86c5cf8cab0bb4b33f98e39f"/>
<PROCESS NAME = "C:\Program Files\TC PowerPack\totalcmd.exe" MD5 =
"7fe6df0cc65a1f93dd243665ccb43fea"/>
<PROCESS NAME = "C:\Program Files\Winamp\Winamp.exe" MD5 =
"5c66b5015e16b434771c3d43e6a06a0a"/>
<PROCESS NAME = "C:\Program Files\Mozilla Firefox\firefox.exe" MD5 =
"c7332d593a1f506e6e68bdfc7325e2c1"/>
<PROCESS NAME = "C:\Program Files\XoftSpy\XoftSpy.exe" MD5 =
"a32b6df132bcab46d04ba3d273a61cba"/>
<ScanningRegKeys>
</ScanningRegKeys>
<ScanningRegValues>
</ScanningRegValues>
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
</Scanning>
--
Facts are stupid things.
Ronald Reagan (regarding Iran Contras)
Received on Sun Mar 13 22:45:24 2005